Gentoo Archives: gentoo-dev

From: Djamil ESSAISSI <djamil@××××××××××××.com>
To: gentoo-dev@××××××××××.org
Subject: Re: [gentoo-dev] NAT iptables info
Date: Tue, 02 Oct 2001 04:12:26
Message-Id: 20011002122143.64aa2434.djamil@francexpress.com
In Reply to: [gentoo-dev] NAT iptables info by Donny Davies
I fortunately know what you mean, so I give you as an example my little farm at home ...:
first you have to know: eth0 is hooked up to the DSL modem
eth1 is hooked up to the LAN
ppp0 is the outside link (can be DSL, dial-up or even a VPN!)

adsl-start < the stuff of rp-dsl that comes with gentoo...

#Open tha door

route add -net 0.0.0.0 gw 62.4.19.XXX < the IP on the PPP connection; in my case it is static ;).

#Open sesame !

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE < masquerade the bloody LAN through ppp0
iptables -A FORWARD -i eth1 -j ACCEPT < and do me some forwarding too coming from eth1 [remember eth1 is the LAN side]


#Get me FTP

iptables -t nat -A PREROUTING -p tcp -d 62.4.19.XXX/32 --dport 21 -j DNAT --to 192.168.0.2:21 <<< this is how I use a PIII500/512M as a web
iptables -t nat -A PREROUTING -p tcp -d 62.4.19.XXX/32 --dport 20 -j DNAT --to 192.168.0.2:20 <<< ftp server behind a good old P100.


#Get me HTTP/S

iptables -t nat -A PREROUTING -p tcp -d 62.4.19.XXX/32 --dport 80 -j DNAT --to 192.168.0.2:80 <<<
iptables -t nat -A PREROUTING -p tcp -d 62.4.19.XXX/32 --dport 443 -j DNAT --to 192.168.0.2:443 <<<


#Get me ssh

iptables -t nat -A PREROUTING -p tcp -d 62.4.19.XXX/32 --dport 24 -j DNAT --to 192.168.0.2:22 <<< or even use another port to open another ssh on the inside machine.


NOTE: there is no firewalling involved here !!! This makes it work only --- it doesn't protect any machine. For example: if you got SUB7 on a win98 machine the lamer can get to your machine. But this set-up is sweet when I run a CS/HL server on an inside machine ... hard to believe! It WORKS!

BUT you still can protect it by blocking ports/IPs ... good luck and be careful.
NOTE also that this runs on gentoo so maybe I passed over some steps as they may have been already set up by default ...


grutz.


Djamil-
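An added example, not part of Djamil's mail: the same masquerade-plus-DNAT set-up as above, with the FORWARD filtering the mail points out is missing, so only the published services reach the inside box. Interface names, the public address (an RFC 5737 placeholder instead of 62.4.19.XXX) and the inside host are assumptions; it needs iptables with the state match and must run as root.

```shell
#!/bin/sh
# Added example (not from the original mail): NAT as in the post, plus a
# default-deny FORWARD chain. Placeholders: WAN_IF, LAN_IF, PUB_IP, SRV.
WAN_IF=${WAN_IF:-ppp0}          # outside link (DSL, dial-up, VPN)
LAN_IF=${LAN_IF:-eth1}          # LAN side
PUB_IP=${PUB_IP:-198.51.100.10} # placeholder public address (RFC 5737)
SRV=${SRV:-192.168.0.2}         # inside web/ftp/ssh box from the post
IPT=${IPT:-iptables}

# public_port:inside_port pairs published through DNAT (ssh on 24 -> 22 as in
# the post). FTP data channels are matched as RELATED by the ftp conntrack
# helper (ip_conntrack_ftp / nf_conntrack_ftp), not by a port-20 rule.
SERVICES="21:21 80:80 443:443 24:22"

setup_firewall() {
    $IPT -t nat -F
    $IPT -F FORWARD
    # Default deny for forwarded traffic; the post's set-up had no filtering.
    $IPT -P FORWARD DROP
    # Masquerade the LAN behind the outside link.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Replies to connections already accepted may flow back in either direction.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The LAN may open new connections outward; nothing else is forwarded.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    for pair in $SERVICES; do
        pub=${pair%%:*}
        inside=${pair##*:}
        # Rewrite the destination of the published port ...
        $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUB_IP" \
            --dport "$pub" -j DNAT --to-destination "$SRV:$inside"
        # ... and allow only that rewritten flow through the FORWARD chain.
        $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$SRV" \
            --dport "$inside" -m state --state NEW -j ACCEPT
    done
}

# Number of ACCEPT rules the policy installs in FORWARD: 2 generic + 1 per service.
expected_forward_accepts() {
    set -- $SERVICES
    echo $(( $# + 2 ))
}

if [ "${1:-}" = "apply" ]; then
    setup_firewall
fi
```

Run it as `sh nat.sh apply`; with IPT=echo it just prints the rules it would install.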